AWS KMS如何确定解密时使用哪个密钥? [英] How AWS KMS determine which key to use when decrypt?

问题描述

我对aws-kms如何选择用于解密密文blob的密钥感到困惑?

I'm confused on how the aws-kms select which key to use to decrypt a ciphertextblob?

调用解密方法时，不提供任何密钥信息.

When calling the decrypt method, no key information is provided.

推荐答案

加密时，KMS将CMK信息存储在ciphertextblob(CiphertextBlob:包括元数据的密文)中作为元数据.因此，在调用解密时，KMS知道要使用哪个CMK.

When you encrypt, KMS stores the CMK information in the ciphertextblob (CiphertextBlob: Ciphertext including metadata) as metadata. So while calling decrypt, KMS knows which CMK to use.

更多详细信息，请参见: https://d1.awsstatic.com/whitepapers/aws-kms-best-practices.pdf https://docs.aws.amazon.com/cli/Latest/reference/kms/encrypt.html

More details in: https://d1.awsstatic.com/whitepapers/aws-kms-best-practices.pdf https://docs.aws.amazon.com/cli/latest/reference/kms/encrypt.html

这篇关于AWS KMS如何确定解密时使用哪个密钥?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！